
<?php
/**
 * MyBB 1.6
 * Copyright 2010 MyBB Group, All Rights Reserved
 *
 * Website: http://mybb.com
 * License: http://mybb.com/about/license
 *
 * $Id$
 */

// Private messaging front controller (search, results, send, folders, export, ...).
// Everything below relies on global.php for $mybb, $db, $lang, $templates, $plugins and $cache.
define("IN_MYBB", 1);
// Presumably exempts the search id from the generic input cleaning in core; the results
// action escapes it itself before it reaches a query.
define("IGNORE_CLEAN_VARS", "sid");
define('THIS_SCRIPT', 'private.php');

// Every template this script eval()s, presumably so global.php can pre-fetch them in one query.
$templatelist = "private_send,private_send_buddyselect,private_read,private_tracking,private_tracking_readmessage,private_tracking_unreadmessage";
$templatelist .= ",private_folders,private_folders_folder,private_folders_folder_unremovable,private,usercp_nav,private_empty_folder,private_empty,private_archive_txt,private_archive_csv,private_archive_html";
$templatelist .= ",usercp_nav_messenger,usercp_nav_changename,usercp_nav_profile,usercp_nav_misc,multipage_nextpage,multipage_page_current,multipage_page,multipage_start,multipage_end,multipage,usercp_nav_editsignature,private_read_action,postbit_away,postbit_avatar,postbit_warn,postbit_rep_button";
$templatelist .= ",private_messagebit,codebuttons,smilieinsert,smilieinsert_getmore,posticons,private_send_autocomplete,private_messagebit_denyreceipt,private_read_to,postbit_online,postbit_find,postbit_pm,postbit_email,postbit_reputation,postbit_warninglevel,postbit_author_user,postbit_reply_pm,postbit_forward_pm";
$templatelist .= ",postbit_delete_pm,postbit,private_tracking_nomessage,private_nomessages,postbit_author_guest,private_multiple_recipients_user,private_multiple_recipients_bcc,private_multiple_recipients";
$templatelist .= ",private_search_messagebit,private_search_results_nomessages,private_search_results,private_advanced_search,previewpost,private_send_tracking,private_send_signature,private_read_bcc";
$templatelist .= ",private_archive,private_pmspace,private_limitwarning,postbit_groupimage,postbit_offline,postbit_www,postbit_replyall_pm,postbit_signature,postbit_classic,postbit_gotopost,usercp_nav_messenger_tracking,multipage_prevpage";

require_once  "./global.php";
require_once  MYBB_ROOT."inc/functions_post.php";
require_once  MYBB_ROOT."inc/functions_user.php";
require_once  MYBB_ROOT."inc/class_parser.php";
// MyCode / badword parser used for subjects, previews and search excerpts below
$parser = new postParser;
  29  
  30  // Load global language phrases
  31  $lang->load("private");
  32  
  33  if($mybb->settings['enablepms'] == 0)
  34  {
  35      error($lang->pms_disabled);
  36  }
  37  
  38  if($mybb->user['uid'] == '/' || $mybb->user['uid'] == 0 || $mybb->usergroup['canusepms'] == 0)
  39  {
  40      error_no_permission();
  41  }
  42  
  43  if(!$mybb->user['pmfolders'])
  44  {
  45      $mybb->user['pmfolders'] = "1**$%%$2**$%%$3**$%%$4**";
  46  
  47      $sql_array = array(
  48           "pmfolders" => $mybb->user['pmfolders']
  49      );
  50      $db->update_query("users", $sql_array, "uid = ".$mybb->user['uid']);
  51  }
  52  
  53  // On a random occassion, recount the users pm's just to make sure everything is in sync.
  54  $rand = my_rand(0, 9);
  55  if($rand == 5)
  56  {
  57      update_pm_count();
  58  }
  59  
  60  $foldersearch = "<select multiple=\"multiple\" name=\"folder[]\" id=\"folder\">\n";
  61  $foldersearch .= "<option selected=\"selected\">{$lang->all_folders}</option>\n";
  62  $folderjump = "<select name=\"jumpto\">\n";
  63  $folderoplist = "<input type=\"hidden\" value=\"".intval($mybb->input['fid'])."\" name=\"fromfid\" />\n<select name=\"fid\">\n";
  64  $folderjump2 = "<select name=\"jumpto2\">\n";
  65  
  66  $foldernames = array();
  67  $foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
  68  foreach($foldersexploded as $key => $folders)
  69  {
  70      $folderinfo = explode("**", $folders, 2);
  71      if($mybb->input['fid'] == $folderinfo[0])
  72      {
  73          $sel = ' selected="selected"';
  74      }
  75      else
  76      {
  77          $sel = '';
  78      }
  79      $folderinfo[1] = get_pm_folder_name($folderinfo[0], $folderinfo[1]);
  80      $foldernames[$folderinfo[0]] = $folderinfo[1];
  81      $folderjump .= "<option value=\"$folderinfo[0]\"$sel>$folderinfo[1]</option>\n";
  82      $folderjump2 .= "<option value=\"$folderinfo[0]\"$sel>$folderinfo[1]</option>\n";
  83      $folderoplist .= "<option value=\"$folderinfo[0]\"$sel>$folderinfo[1]</option>\n";
  84      $foldersearch .= "<option value=\"$folderinfo[0]\"$sel>$folderinfo[1]</option>\n";
  85      $folderlinks .= "&#149;&nbsp;<a href=\"private.php?fid=$folderinfo[0]\">$folderinfo[1]</a><br />\n";
  86  }
  87  $folderjump .= "</select>\n";
  88  $folderjump2 .= "</select>\n";
  89  $folderoplist .= "</select>\n";
  90  $foldersearch .= "</select>\n";
  91  
  92  usercp_menu();
  93  
  94  
  95  // Make navigation
  96  add_breadcrumb($lang->nav_pms, "private.php");
  97  
  98  switch($mybb->input['action'])
  99  {
 100      case "send":
 101          add_breadcrumb($lang->nav_send);
 102          break;
 103      case "tracking":
 104          add_breadcrumb($lang->nav_tracking);
 105          break;
 106      case "folders":
 107          add_breadcrumb($lang->nav_folders);
 108          break;
 109      case "empty":
 110          add_breadcrumb($lang->nav_empty);
 111          break;
 112      case "export":
 113          add_breadcrumb($lang->nav_export);
 114          break;
 115      case "advanced_search":
 116          add_breadcrumb($lang->nav_search);
 117          break;
 118      case "results":
 119          add_breadcrumb($lang->nav_results);
 120          break;
 121  }
 122  
 123  if($mybb->input['preview'])
 124  {
 125      $mybb->input['action'] = "send";
 126  }
 127  
 128  if(($mybb->input['action'] == "do_search" || $mybb->input['action'] == "do_stuff" && ($mybb->input['quick_search'] || !$mybb->input['hop'] && !$mybb->input['moveto'] && !$mybb->input['delete'])) && $mybb->request_method == "post")
 129  {
 130      $plugins->run_hooks("private_do_search_start");
 131  
 132      // Simulate coming from our advanced search form with some preset options
 133      if($mybb->input['quick_search'])
 134      {
 135          $mybb->input['action'] = "do_search";
 136          $mybb->input['subject'] = 1;
 137          $mybb->input['message'] = 1;
 138          $mybb->input['folder'] = $mybb->input['fid'];
 139          unset($mybb->input['jumpto']);
 140          unset($mybb->input['fromfid']);
 141      }
 142  
 143      // Check if search flood checking is enabled and user is not admin
 144      if($mybb->settings['searchfloodtime'] > 0 && $mybb->usergroup['cancp'] != 1)
 145      {
 146          // Fetch the time this user last searched
 147          $timecut = TIME_NOW-$mybb->settings['searchfloodtime'];
 148          $query = $db->simple_select("searchlog", "*", "uid='{$mybb->user['uid']}' AND dateline > '$timecut'", array('order_by' => "dateline", 'order_dir' => "DESC"));
 149          $last_search = $db->fetch_array($query);
 150          // Users last search was within the flood time, show the error
 151          if($last_search['sid'])
 152          {
 153              $remaining_time = $mybb->settings['searchfloodtime']-(TIME_NOW-$last_search['dateline']);
 154              if($remaining_time == 1)
 155              {
 156                  $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding_1, $mybb->settings['searchfloodtime']);
 157              }
 158              else
 159              {
 160                  $lang->error_searchflooding = $lang->sprintf($lang->error_searchflooding, $mybb->settings['searchfloodtime'], $remaining_time);
 161              }
 162              error($lang->error_searchflooding);
 163          }
 164      }
 165  
 166      if($mybb->input['subject'] != 1 && $mybb->input['message'] != 1)
 167      {
 168          error($lang->error_nosearchresults);
 169      }
 170  
 171      if($mybb->input['message'] == 1)
 172      {
 173          $resulttype = "pmmessages";
 174      }
 175      else
 176      {
 177          $resulttype = "pmsubjects";
 178      }
 179  
 180      $search_data = array(
 181          "keywords" => $mybb->input['keywords'],
 182          "subject" => $mybb->input['subject'],
 183          "message" => $mybb->input['message'],
 184          "sender" => $mybb->input['sender'],
 185          "status" => $mybb->input['status'],
 186          "folder" => $mybb->input['folder'],
 187      );
 188  
 189      if($db->can_search == true)
 190      {
 191          require_once  MYBB_ROOT."inc/functions_search.php";
 192  
 193          $search_results = privatemessage_perform_search_mysql($search_data);
 194      }
 195      else
 196      {
 197          error($lang->error_no_search_support);
 198      }
 199      $sid = md5(uniqid(microtime(), 1));
 200      $searcharray = array(
 201          "sid" => $db->escape_string($sid),
 202          "uid" => $mybb->user['uid'],
 203          "dateline" => TIME_NOW,
 204          "ipaddress" => $db->escape_string($session->ipaddress),
 205          "threads" => '',
 206          "posts" => '',
 207          "resulttype" => $resulttype,
 208          "querycache" => $search_results['querycache'],
 209          "keywords" => $db->escape_string($mybb->input['keywords']),
 210      );
 211      $plugins->run_hooks("private_do_search_process");
 212  
 213      $db->insert_query("searchlog", $searcharray);
 214  
 215      // Sender sort won't work yet
 216      $sortby = array('subject', 'sender', 'dateline');
 217  
 218      if(in_array($mybb->input['sort'], $sortby))
 219      {
 220          $sortby = $mybb->input['sort'];
 221      }
 222      else
 223      {
 224          $sortby = "dateline";
 225      }
 226  
 227      if(my_strtolower($mybb->input['sortordr']) == "asc" || my_strtolower($mybb->input['sortordr']) == "desc")
 228      {
 229          $sortorder = $mybb->input['sortordr'];
 230      }
 231      else
 232      {
 233          $sortorder = "desc";
 234      }
 235  
 236      $plugins->run_hooks("private_do_search_end");
 237      redirect("private.php?action=results&sid=".$sid."&sortby=".$sortby."&order=".$sortorder, $lang->redirect_searchresults);
 238  }
 239  
 240  if($mybb->input['action'] == "results")
 241  {
 242      $sid = $db->escape_string($mybb->input['sid']);
 243      $query = $db->simple_select("searchlog", "*", "sid='{$sid}' AND uid='{$mybb->user['uid']}'");
 244      $search = $db->fetch_array($query);
 245  
 246      if(!$search['sid'])
 247      {
 248          error($lang->error_invalidsearch);
 249      }
 250  
 251      $plugins->run_hooks("private_results_start");
 252  
 253      // Decide on our sorting fields and sorting order.
 254      $order = my_strtolower(htmlspecialchars_uni($mybb->input['order']));
 255      $sortby = my_strtolower(htmlspecialchars_uni($mybb->input['sortby']));
 256  
 257      $sortby_accepted = array('subject', 'username', 'dateline');
 258  
 259      if(in_array($sortby, $sortby_accepted))
 260      {
 261          $query_sortby = $sortby;
 262  
 263          if($query_sortby == "username")
 264          {
 265              $query_sortby = "fromusername";
 266          }
 267      }
 268      else
 269      {
 270          $sortby = $query_sortby = "dateline";
 271      }
 272  
 273      if($order != "asc")
 274      {
 275          $order = "desc";
 276      }
 277  
 278      if(!$mybb->settings['threadsperpage'])
 279      {
 280          $mybb->settings['threadsperpage'] = 20;
 281      }
 282  
 283      // Work out pagination, which page we're at, as well as the limits.
 284      $perpage = $mybb->settings['threadsperpage'];
 285      $page = intval($mybb->input['page']);
 286      if($page > 0)
 287      {
 288          $start = ($page-1) * $perpage;
 289      }
 290      else
 291      {
 292          $start = 0;
 293          $page = 1;
 294      }
 295      $end = $start + $perpage;
 296      $lower = $start+1;
 297      $upper = $end;
 298  
 299      // Work out if we have terms to highlight
 300      $highlight = "";
 301      if($search['keywords'])
 302      {
 303          $highlight = "&amp;highlight=".urlencode($search['keywords']);
 304      }
 305  
 306      // Do Multi Pages
 307      $query = $db->simple_select("privatemessages", "COUNT(*) AS total", "pmid IN(".$db->escape_string($search['querycache']).")");
 308      $pmscount = $db->fetch_array($query);
 309  
 310      if($upper > $threadcount)
 311      {
 312          $upper = $threadcount;
 313      }
 314      $multipage = multipage($pmscount['total'], $perpage, $page, "private.php?action=results&amp;sid=".htmlspecialchars_uni($mybb->input['sid'])."&amp;sortby={$sortby}&amp;order={$order}");
 315      $messagelist = '';
 316  
 317      $icon_cache = $cache->read("posticons");
 318  
 319      // Cache users in multiple recipients for sent & drafts folder
 320      // Get all recipients into an array
 321      $cached_users = $get_users = array();
 322      $users_query = $db->simple_select("privatemessages", "recipients", "pmid IN(".$db->escape_string($search['querycache']).")", array('limit_start' => $start, 'limit' => $perpage, 'order_by' => $query_sortby, 'order_dir' => $order));
 323      while($row = $db->fetch_array($users_query))
 324      {
 325          $recipients = unserialize($row['recipients']);
 326          if(is_array($recipients['to']) && count($recipients['to']))
 327          {
 328              $get_users = array_merge($get_users, $recipients['to']);
 329          }
 330  
 331          if(is_array($recipients['bcc']) && count($recipients['bcc']))
 332          {
 333              $get_users = array_merge($get_users, $recipients['bcc']);
 334          }
 335      }
 336  
 337      $get_users = implode(',', array_unique($get_users));
 338  
 339      // Grab info
 340      if($get_users)
 341      {
 342          $users_query = $db->simple_select("users", "uid, username, usergroup, displaygroup", "uid IN ({$get_users})");
 343          while($user = $db->fetch_array($users_query))
 344          {
 345              $cached_users[$user['uid']] = $user;
 346          }
 347      }
 348  
 349      $query = $db->query("
 350          SELECT pm.*, fu.username AS fromusername, tu.username as tousername
 351          FROM ".TABLE_PREFIX."privatemessages pm
 352          LEFT JOIN ".TABLE_PREFIX."users fu ON (fu.uid=pm.fromid)
 353          LEFT JOIN ".TABLE_PREFIX."users tu ON (tu.uid=pm.toid)
 354          WHERE pm.pmid IN(".$db->escape_string($search['querycache']).") AND pm.uid='{$mybb->user['uid']}'
 355          ORDER BY pm.{$query_sortby} {$order}
 356          LIMIT {$start}, {$perpage}
 357      ");
 358      while($message = $db->fetch_array($query))
 359      {
 360          $msgalt = $msgsuffix = $msgprefix = '';
 361  
 362          // Determine Folder Icon
 363          if($message['status'] == 0)
 364          {
 365              $msgfolder = 'new_pm.gif';
 366              $msgalt = $lang->new_pm;
 367              $msgprefix = "<strong>";
 368              $msgsuffix = "</strong>";
 369          }
 370          elseif($message['status'] == 1)
 371          {
 372              $msgfolder = 'old_pm.gif';
 373              $msgalt = $lang->old_pm;
 374          }
 375          elseif($message['status'] == 3)
 376          {
 377              $msgfolder = 're_pm.gif';
 378              $msgalt = $lang->reply_pm;
 379          }
 380          else if($message['status'] == 4)
 381          {
 382              $msgfolder = 'fw_pm.gif';
 383              $msgalt = $lang->fwd_pm;
 384          }
 385  
 386          if($folder == 2 || $folder == 3)
 387          {
 388              // Sent Items or Drafts Folder Check
 389              $recipients = unserialize($message['recipients']);
 390              $to_users = $bcc_users = '';
 391              if(count($recipients['to']) > 1 || (count($recipients['to']) == 1 && count($recipients['bcc']) > 0))
 392              {
 393                  foreach($recipients['to'] as $uid)
 394                  {
 395                      $profilelink = get_profile_link($uid);
 396                      $user = $cached_users[$uid];
 397                      $username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
 398                      eval("\$to_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
 399                  }
 400                  if(is_array($recipients['bcc']) && count($recipients['bcc']))
 401                  {
 402                      eval("\$bcc_users = \"".$templates->get("private_multiple_recipients_bcc")."\";");
 403                      foreach($recipients['bcc'] as $uid)
 404                      {
 405                          $profilelink = get_profile_link($uid);
 406                          $user = $cached_users[$uid];
 407                          $username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
 408                          eval("\$bcc_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
 409                      }
 410                  }
 411  
 412                  eval("\$tofromusername = \"".$templates->get("private_multiple_recipients")."\";");
 413              }
 414              else if($message['toid'])
 415              {
 416                  $tofromusername = $message['tousername'];
 417                  $tofromuid = $message['toid'];
 418              }
 419              else
 420              {
 421                  $tofromusername = $lang->not_sent;
 422              }
 423          }
 424          else
 425          {
 426              $tofromusername = $message['fromusername'];
 427              $tofromuid = $message['fromid'];
 428              if($tofromuid == 0)
 429              {
 430                  $tofromusername = $lang->mybb_engine;
 431              }
 432          }
 433  
 434          $tofromusername = build_profile_link($tofromusername, $tofromuid);
 435  
 436          $denyreceipt = '';
 437  
 438          if($message['icon'] > 0 && $icon_cache[$message['icon']])
 439          {
 440              $icon = $icon_cache[$message['icon']];
 441              $icon = "<img src=\"{$icon['path']}\" alt=\"{$icon['name']}\" align=\"center\" valign=\"middle\" />";
 442          }
 443          else
 444          {
 445              $icon = '&#009;';
 446          }
 447  
 448          if(!trim($message['subject']))
 449          {
 450              $message['subject'] = $lang->pm_no_subject;
 451          }
 452  
 453          $message['subject'] = $parser->parse_badwords($message['subject']);
 454  
 455          if(my_strlen($message['subject']) > 50)
 456          {
 457              $message['subject'] = htmlspecialchars_uni(my_substr($message['subject'], 0, 50)."...");
 458          }
 459          else
 460          {
 461              $message['subject'] = htmlspecialchars_uni($message['subject']);
 462          }
 463  
 464          if($message['folder'] != "3")
 465          {
 466              $sendpmdate = my_date($mybb->settings['dateformat'], $message['dateline']);
 467              $sendpmtime = my_date($mybb->settings['timeformat'], $message['dateline']);
 468              $senddate = $sendpmdate.", ".$sendpmtime;
 469          }
 470          else
 471          {
 472              $senddate = $lang->not_sent;
 473          }
 474  
 475          $foldername = $foldernames[$message['folder']];
 476  
 477          // What we do here is parse the post using our post parser, then strip the tags from it
 478          $parser_options = array(
 479              'allow_html' => 0,
 480              'allow_mycode' => 1,
 481              'allow_smilies' => 0,
 482              'allow_imgcode' => 0,
 483              'filter_badwords' => 1
 484          );
 485          $message['message'] = strip_tags($parser->parse_message($message['message'], $parser_options));
 486          if(my_strlen($message['message']) > 200)
 487          {
 488              $message['message'] = my_substr($message['message'], 0, 200)."...";
 489          }
 490  
 491          eval("\$messagelist .= \"".$templates->get("private_search_messagebit")."\";");
 492      }
 493  
 494      if($db->num_rows($query) == 0)
 495      {
 496          eval("\$messagelist = \"".$templates->get("private_search_results_nomessages")."\";");
 497      }
 498  
 499      $plugins->run_hooks("private_results_end");
 500  
 501      eval("\$results = \"".$templates->get("private_search_results")."\";");
 502      output_page($results);
 503  }
 504  
 505  if($mybb->input['action'] == "advanced_search")
 506  {
 507      $plugins->run_hooks("private_advanced_search");
 508  
 509      eval("\$advanced_search = \"".$templates->get("private_advanced_search")."\";");
 510  
 511      output_page($advanced_search);
 512  }
 513  
 514  // Dismissing a new/unread PM notice
 515  if($mybb->input['action'] == "dismiss_notice")
 516  {
 517      if($mybb->user['pmnotice'] != 2)
 518      {
 519          exit;
 520      }
 521  
 522      // Verify incoming POST request
 523      verify_post_check($mybb->input['my_post_key']);
 524  
 525      $updated_user = array(
 526          "pmnotice" => 1
 527      );
 528      $db->update_query("users", $updated_user, "uid='{$mybb->user['uid']}'");
 529  
 530      if($mybb->input['ajax'])
 531      {
 532          echo 1;
 533          exit;
 534      }
 535      else
 536      {
 537          header("Location: index.php");
 538          exit;
 539      }
 540  }
 541  
 542  $send_errors = '';
 543  
 544  if($mybb->input['action'] == "do_send" && $mybb->request_method == "post")
 545  {
 546      if($mybb->usergroup['cansendpms'] == 0)
 547      {
 548          error_no_permission();
 549      }
 550  
 551      // Verify incoming POST request
 552      verify_post_check($mybb->input['my_post_key']);
 553  
 554      $plugins->run_hooks("private_send_do_send");
 555  
 556      // Attempt to see if this PM is a duplicate or not
 557      $time_cutoff = TIME_NOW - (5 * 60 * 60);
 558      $query = $db->query("
 559          SELECT pm.pmid
 560          FROM ".TABLE_PREFIX."privatemessages pm
 561          LEFT JOIN ".TABLE_PREFIX."users u ON(u.uid=pm.toid)
 562          WHERE u.username='".$db->escape_string($mybb->input['to'])."' AND pm.dateline > {$time_cutoff} AND pm.fromid='{$mybb->user['uid']}' AND pm.subject='".$db->escape_string($mybb->input['subject'])."' AND pm.message='".$db->escape_string($mybb->input['message'])."' AND pm.folder!='3'
 563      ");
 564      $duplicate_check = $db->fetch_field($query, "pmid");
 565      if($duplicate_check)
 566      {
 567          error($lang->error_pm_already_submitted);
 568      }
 569  
 570      require_once  MYBB_ROOT."inc/datahandlers/pm.php";
 571      $pmhandler = new PMDataHandler();
 572  
 573      $pm = array(
 574          "subject" => $mybb->input['subject'],
 575          "message" => $mybb->input['message'],
 576          "icon" => $mybb->input['icon'],
 577          "fromid" => $mybb->user['uid'],
 578          "do" => $mybb->input['do'],
 579          "pmid" => $mybb->input['pmid']
 580      );
 581  
 582      // Split up any recipients we have
 583      $pm['to'] = explode(",", $mybb->input['to']);
 584      $pm['to'] = array_map("trim", $pm['to']);
 585      if(!empty($mybb->input['bcc']))
 586      {
 587          $pm['bcc'] = explode(",", $mybb->input['bcc']);
 588          $pm['bcc'] = array_map("trim", $pm['bcc']);
 589      }
 590  
 591      if(!$mybb->usergroup['cantrackpms'])
 592      {
 593          $mybb->input['options']['readreceipt'] = false;
 594      }
 595  
 596      $pm['options'] = array(
 597          "signature" => $mybb->input['options']['signature'],
 598          "disablesmilies" => $mybb->input['options']['disablesmilies'],
 599          "savecopy" => $mybb->input['options']['savecopy'],
 600          "readreceipt" => $mybb->input['options']['readreceipt']
 601      );
 602  
 603      if($mybb->input['saveasdraft'])
 604      {
 605          $pm['saveasdraft'] = 1;
 606      }
 607      $pmhandler->set_data($pm);
 608  
 609      // Now let the pm handler do all the hard work.
 610      if(!$pmhandler->validate_pm())
 611      {
 612          $pm_errors = $pmhandler->get_friendly_errors();
 613          $send_errors = inline_error($pm_errors);
 614          $mybb->input['action'] = "send";
 615      }
 616      else
 617      {
 618          $pminfo = $pmhandler->insert_pm();
 619          $plugins->run_hooks("private_do_send_end");
 620  
 621          if(isset($pminfo['draftsaved']))
 622          {
 623              redirect("private.php", $lang->redirect_pmsaved);
 624          }
 625          else
 626          {
 627              redirect("private.php", $lang->redirect_pmsent);
 628          }
 629      }
 630  }
 631  
 632  if($mybb->input['action'] == "send")
 633  {
 634      if($mybb->usergroup['cansendpms'] == 0)
 635      {
 636          error_no_permission();
 637      }
 638  
 639      $plugins->run_hooks("private_send_start");
 640  
 641      $smilieinserter = $codebuttons = '';
 642  
 643      if($mybb->settings['bbcodeinserter'] != 0 && $mybb->settings['pmsallowmycode'] != 0 && $mybb->user['showcodebuttons'] != 0)
 644      {
 645          $codebuttons = build_mycode_inserter();
 646          if($mybb->settings['pmsallowsmilies'] != 0)
 647          {
 648              $smilieinserter = build_clickable_smilies();
 649          }
 650      }
 651  
 652      $lang->post_icon = $lang->message_icon;
 653  
 654      $posticons = get_post_icons();
 655      $message = htmlspecialchars_uni($parser->parse_badwords($mybb->input['message']));
 656      $subject = htmlspecialchars_uni($parser->parse_badwords($mybb->input['subject']));
 657  
 658      if($mybb->input['preview'] || $send_errors)
 659      {
 660          $options = $mybb->input['options'];
 661          if($options['signature'] == 1)
 662          {
 663              $optionschecked['signature'] = 'checked="checked"';
 664          }
 665          if($options['disablesmilies'] == 1)
 666          {
 667              $optionschecked['disablesmilies'] = 'checked="checked"';
 668          }
 669          if($options['savecopy'] != 0)
 670          {
 671              $optionschecked['savecopy'] = 'checked="checked"';
 672          }
 673          if($options['readreceipt'] != 0)
 674          {
 675              $optionschecked['readreceipt'] = 'checked="checked"';
 676          }
 677          $to = htmlspecialchars_uni($mybb->input['to']);
 678          $bcc = htmlspecialchars_uni($mybb->input['bcc']);
 679      }
 680  
 681      // Preview
 682      if($mybb->input['preview'])
 683      {
 684          $options = $mybb->input['options'];
 685          $query = $db->query("
 686              SELECT u.username AS userusername, u.*, f.*
 687              FROM ".TABLE_PREFIX."users u
 688              LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
 689              WHERE u.uid='".$mybb->user['uid']."'
 690          ");
 691  
 692          $post = $db->fetch_array($query);
 693  
 694          $post['userusername'] = $mybb->user['username'];
 695          $post['postusername'] = $mybb->user['username'];
 696          $post['message'] = $mybb->input['message'];
 697          $post['subject'] = htmlspecialchars_uni($mybb->input['subject']);
 698          $post['icon'] = $mybb->input['icon'];
 699          $post['smilieoff'] = $options['disablesmilies'];
 700          $post['dateline'] = TIME_NOW;
 701  
 702          if(!$options['signature'])
 703          {
 704              $post['includesig'] = 0;
 705          }
 706          else
 707          {
 708              $post['includesig'] = 1;
 709          }
 710  
 711          // Merge usergroup data from the cache
 712          $data_key = array(
 713              'title' => 'grouptitle',
 714              'usertitle' => 'groupusertitle',
 715              'stars' => 'groupstars',
 716              'starimage' => 'groupstarimage',
 717              'image' => 'groupimage',
 718              'namestyle' => 'namestyle',
 719              'usereputationsystem' => 'usereputationsystem'
 720          );
 721  
 722          foreach($data_key as $field => $key)
 723          {
 724              $post[$key] = $groupscache[$post['usergroup']][$field];
 725          }
 726  
 727          $postbit = build_postbit($post, 2);
 728          eval("\$preview = \"".$templates->get("previewpost")."\";");
 729      }
 730      else if(!$send_errors)
 731      {
 732          // New PM, so load default settings
 733          if($mybb->user['signature'] != '')
 734          {
 735              $optionschecked['signature'] = 'checked="checked"';
 736          }
 737          if($mybb->usergroup['cantrackpms'] == 1)
 738          {
 739              $optionschecked['readreceipt'] = 'checked="checked"';
 740          }
 741          $optionschecked['savecopy'] = 'checked="checked"';
 742      }
 743  
 744      // Draft, reply, forward
 745      if($mybb->input['pmid'] && !$mybb->input['preview'] && !$send_errors)
 746      {
 747          $query = $db->query("
 748              SELECT pm.*, u.username AS quotename
 749              FROM ".TABLE_PREFIX."privatemessages pm
 750              LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.fromid)
 751              WHERE pm.pmid='{$mybb->input['pmid']}' AND pm.uid='{$mybb->user['uid']}'
 752          ");
 753  
 754          $pm = $db->fetch_array($query);
 755          $message = htmlspecialchars_uni($parser->parse_badwords($pm['message']));
 756          $subject = htmlspecialchars_uni($parser->parse_badwords($pm['subject']));
 757  
 758          if($pm['folder'] == "3")
 759          {
 760              // message saved in drafts
 761              $mybb->input['uid'] = $pm['toid'];
 762  
 763              if($pm['includesig'] == 1)
 764              {
 765                  $optionschecked['signature'] = 'checked="checked"';
 766              }
 767              if($pm['smilieoff'] == 1)
 768              {
 769                  $optionschecked['disablesmilies'] = 'checked="checked"';
 770              }
 771              if($pm['receipt'])
 772              {
 773                  $optionschecked['readreceipt'] = 'checked="checked"';
 774              }
 775  
 776              // Get list of recipients
 777              $recipients = unserialize($pm['recipients']);
 778              $comma = '';
 779              if(isset($recipients['to']) && is_array($recipients['to']))
 780              {
 781                  foreach($recipients['to'] as $recipient)
 782                  {
 783                      $recipient_list['to'][] = $recipient;
 784                      $recipientids .= $comma.$recipient;
 785                      $comma = ',';
 786                  }
 787              }
 788  
 789              if(isset($recipients['bcc']) && is_array($recipients['bcc']))
 790              {
 791                  foreach($recipients['bcc'] as $recipient)
 792                  {
 793                      $recipient_list['bcc'][] = $recipient;
 794                      $recipientids .= $comma.$recipient;
 795                      $comma = ',';
 796                  }
 797              }
 798  
 799              if(!empty($recipientids))
 800              {
 801                  $query = $db->simple_select("users", "uid, username", "uid IN ({$recipientids})");
 802                  while($user = $db->fetch_array($query))
 803                  {
 804                      if(isset($recipients['bcc']) && is_array($recipients['bcc']) && in_array($user['uid'], $recipient_list['bcc']))
 805                      {
 806                          $bcc .= htmlspecialchars_uni($user['username']).', ';
 807                      }
 808                      else
 809                      {
 810                          $to .= htmlspecialchars_uni($user['username']).', ';
 811                      }
 812                  }
 813              }
 814          }
 815          else
 816          {
 817              // forward/reply
 818              $subject = preg_replace("#(FW|RE):( *)#is", '', $subject);
 819              $postdate = my_date($mybb->settings['dateformat'], $pm['dateline']);
 820              $posttime = my_date($mybb->settings['timeformat'], $pm['dateline']);
 821              $message = "[quote='{$pm['quotename']}']\n$message\n[/quote]";
 822              $message = preg_replace('#^/me (.*)$#im', "* ".$pm['quotename']." \\1", $message);
 823  
 824              if($mybb->input['do'] == 'forward')
 825              {
 826                  $subject = "Fw: $subject";
 827              }
 828              elseif($mybb->input['do'] == 'reply')
 829              {
 830                  $subject = "Re: $subject";
 831                  $uid = $pm['fromid'];
 832                  if($mybb->user['uid'] == $uid)
 833                  {
 834                      $to = $mybb->user['username'];
 835                  }
 836                  else
 837                  {
 838                      $query = $db->simple_select('users', 'username', "uid='{$uid}'");
 839                      $to = $db->fetch_field($query, 'username');
 840                  }
 841                  $to = htmlspecialchars_uni($to);
 842              }
 843              else if($mybb->input['do'] == 'replyall')
 844              {
 845                  $subject = "Re: $subject";
 846  
 847                  // Get list of recipients
 848                  $recipients = unserialize($pm['recipients']);
 849                  $recipientids = $pm['fromid'];
 850                  if(isset($recipients['to']) && is_array($recipients['to']))
 851                  {
 852                      foreach($recipients['to'] as $recipient)
 853                      {
 854                          if($recipient == $mybb->user['uid'])
 855                          {
 856                              continue;
 857                          }
 858                          $recipientids .= ','.$recipient;
 859                      }
 860                  }
 861                  $comma = '';
 862                  $query = $db->simple_select('users', 'uid, username', "uid IN ({$recipientids})");
 863                  while($user = $db->fetch_array($query))
 864                  {
 865                      $to .= $comma.htmlspecialchars_uni($user['username']);
 866                      $comma = $lang->comma;
 867                  }
 868              }
 869          }
 870      }
 871  
 872      // New PM with recipient preset
 873      if($mybb->input['uid'] && !$mybb->input['preview'])
 874      {
 875          $query = $db->simple_select('users', 'username', "uid='".$db->escape_string($mybb->input['uid'])."'");
 876          $to = htmlspecialchars_uni($db->fetch_field($query, 'username')).', ';
 877      }
 878  
 879      $max_recipients = '';
 880      if($mybb->usergroup['maxpmrecipients'] > 0)
 881      {
 882          $max_recipients = $lang->sprintf($lang->max_recipients, $mybb->usergroup['maxpmrecipients']);
 883      }
 884  
 885      if($send_errors)
 886      {
 887          $to = htmlspecialchars_uni($mybb->input['to']);
 888          $bcc = htmlspecialchars_uni($mybb->input['bcc']);
 889      }
 890  
 891      // Load the auto complete javascript if it is enabled.
 892      eval("\$autocompletejs = \"".$templates->get("private_send_autocomplete")."\";");
 893  
 894      $pmid = $mybb->input['pmid'];
 895      $do = $mybb->input['do'];
 896      if($do != "forward" && $do != "reply" && $do != "replyall")
 897      {
 898          $do = '';
 899      }
 900  
 901      // See if it's actually worth showing the buddylist icon.
 902      if($mybb->user['buddylist'] != '' && $mybb->settings['use_xmlhttprequest'] == 1)
 903      {
 904          $buddy_select = 'to';
 905          eval("\$buddy_select_to = \"".$templates->get("private_send_buddyselect")."\";");
 906          $buddy_select = 'bcc';
 907          eval("\$buddy_select_bcc = \"".$templates->get("private_send_buddyselect")."\";");
 908      }
 909  
 910      // Hide tracking option if no permission
 911      $private_send = $templates->get("private_send");
 912      $tracking = '';
 913      if($mybb->usergroup['cantrackpms'])
 914      {
 915          $tracking = $templates->get("private_send_tracking");
 916      }
 917      eval("\$private_send_tracking = \"".$tracking."\";");
 918  
 919      // Hide signature option if no permission
 920      $option_signature = '';
 921      if($mybb->usergroup['canusesig'] && !$mybb->user['suspendsignature'])
 922      {
 923          $option_signature = $templates->get('private_send_signature');
 924      }
 925      eval("\$private_send_signature = \"".$option_signature."\";");
 926  
 927      $plugins->run_hooks("private_send_end");
 928  
 929      eval("\$send = \"".$private_send."\";");
 930      output_page($send);
 931  }
 932  
 933  if($mybb->input['action'] == "read")
 934  {
 935      $plugins->run_hooks("private_read");
 936  
 937      $pmid = intval($mybb->input['pmid']);
 938  
 939      $query = $db->query("
 940          SELECT pm.*, u.*, f.*
 941          FROM ".TABLE_PREFIX."privatemessages pm
 942          LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.fromid)
 943          LEFT JOIN ".TABLE_PREFIX."userfields f ON (f.ufid=u.uid)
 944          WHERE pm.pmid='".intval($mybb->input['pmid'])."' AND pm.uid='".$mybb->user['uid']."'
 945      ");
 946      $pm = $db->fetch_array($query);
 947      if($pm['folder'] == 3)
 948      {
 949          header("Location: private.php?action=send&pmid={$pm['pmid']}");
 950          exit;
 951      }
 952  
 953      if(!$pm['pmid'])
 954      {
 955          error($lang->error_invalidpm);
 956      }
 957  
 958      // If we've gotten a PM, attach the group info
 959      $data_key = array(
 960          'title' => 'grouptitle',
 961          'usertitle' => 'groupusertitle',
 962          'stars' => 'groupstars',
 963          'starimage' => 'groupstarimage',
 964          'image' => 'groupimage',
 965          'namestyle' => 'namestyle'
 966      );
 967  
 968      foreach($data_key as $field => $key)
 969      {
 970          $pm[$key] = $groupscache[$pm['usergroup']][$field];
 971      }
 972  
 973      if($pm['receipt'] == 1)
 974      {
 975          if($mybb->usergroup['candenypmreceipts'] == 1 && $mybb->input['denyreceipt'] == 1)
 976          {
 977              $receiptadd = 0;
 978          }
 979          else
 980          {
 981              $receiptadd = 2;
 982          }
 983      }
 984  
 985      if($pm['status'] == 0)
 986      {
 987          $time = TIME_NOW;
 988          $updatearray = array(
 989              'status' => 1,
 990              'readtime' => $time
 991          );
 992  
 993          if(isset($receiptadd))
 994          {
 995              $updatearray['receipt'] = $receiptadd;
 996          }
 997  
 998          $db->update_query('privatemessages', $updatearray, "pmid='{$pmid}'");
 999  
1000          // Update the unread count - it has now changed.
1001          update_pm_count($mybb->user['uid'], 6);
1002  
1003          // Update PM notice value if this is our last unread PM
1004          if($mybb->user['unreadpms']-1 <= 0 && $mybb->user['pmnotice'] == 2)
1005          {
1006              $updated_user = array(
1007                  "pmnotice" => 1
1008              );
1009              $db->update_query("users", $updated_user, "uid='{$mybb->user['uid']}'");
1010          }
1011      }
1012      // Replied PM?
1013      else if($pm['status'] == 3 && $pm['statustime'])
1014      {
1015          $reply_date = my_date($mybb->settings['dateformat'], $pm['statustime']);
1016  
1017          if($reply_date == $lang->today || $reply_date == $lang->yesterday)
1018          {
1019              $reply_date .= $lang->comma.my_date($mybb->settings['timeformat'], $pm['statustime']);
1020              $actioned_on = $lang->sprintf($lang->you_replied, $reply_date);
1021          }
1022          else
1023          {
1024              $reply_date .= $lang->comma.my_date($mybb->settings['timeformat'], $pm['statustime']);
1025              $actioned_on = $lang->sprintf($lang->you_replied_on, $reply_date);
1026          }
1027  
1028          eval("\$action_time = \"".$templates->get("private_read_action")."\";");
1029      }
1030      else if($pm['status'] == 4 && $pm['statustime'])
1031      {
1032          $forward_date = my_date($mybb->settings['dateformat'], $pm['statustime']);
1033  
1034          if(strpos($forward_date, $lang->today) !== false || strpos($forward_date, $lang->yesterday) !== false)
1035          {
1036              $forward_date .= $lang->comma.my_date($mybb->settings['timeformat'], $pm['statustime']);
1037              $actioned_on = $lang->sprintf($lang->you_forwarded, $forward_date);
1038          }
1039          else
1040          {
1041              $forward_date .= $lang->comma.my_date($mybb->settings['timeformat'], $pm['statustime']);
1042              $actioned_on = $lang->sprintf($lang->you_forwarded_on, $forward_date);
1043          }
1044  
1045          eval("\$action_time = \"".$templates->get("private_read_action")."\";");
1046      }
1047  
1048      $pm['userusername'] = $pm['username'];
1049      $pm['subject'] = htmlspecialchars_uni($parser->parse_badwords($pm['subject']));
1050  
1051      if($pm['fromid'] == 0)
1052      {
1053          $pm['username'] = $lang->mybb_engine;
1054      }
1055  
1056      if(!$pm['username'])
1057      {
1058          $pm['username'] = $lang->na;
1059      }
1060  
1061      // Fetch the recipients for this message
1062      $pm['recipients'] = @unserialize($pm['recipients']);
1063  
1064      if(is_array($pm['recipients']['to']))
1065      {
1066          $uid_sql = implode(',', $pm['recipients']['to']);
1067      }
1068      else
1069      {
1070          $uid_sql = $pm['toid'];
1071          $pm['recipients']['to'] = array($pm['toid']);
1072      }
1073  
1074      $show_bcc = 0;
1075  
1076      // If we have any BCC recipients and this user is an Administrator, add them on to the query
1077      if(count($pm['recipients']['bcc']) > 0 && $mybb->usergroup['cancp'] == 1)
1078      {
1079          $show_bcc = 1;
1080          $uid_sql .= ','.implode(',', $pm['recipients']['bcc']);
1081      }
1082  
1083      // Fetch recipient names from the database
1084      $bcc_recipients = $to_recipients = array();
1085      $query = $db->simple_select('users', 'uid, username', "uid IN ({$uid_sql})");
1086      while($recipient = $db->fetch_array($query))
1087      {
1088          // User is a BCC recipient
1089          if($show_bcc && in_array($recipient['uid'], $pm['recipients']['bcc']))
1090          {
1091              $bcc_recipients[] = build_profile_link($recipient['username'], $recipient['uid']);
1092          }
1093          // User is a normal recipient
1094          else if(in_array($recipient['uid'], $pm['recipients']['to']))
1095          {
1096              $to_recipients[] = build_profile_link($recipient['username'], $recipient['uid']);
1097          }
1098      }
1099  
1100      if(count($bcc_recipients) > 0)
1101      {
1102          $bcc_recipients = implode(', ', $bcc_recipients);
1103          eval("\$bcc = \"".$templates->get("private_read_bcc")."\";");
1104      }
1105  
1106      $replyall = false;
1107      if(count($to_recipients) > 1)
1108      {
1109          $replyall = true;
1110      }
1111  
1112      if(count($to_recipients) > 0)
1113      {
1114          $to_recipients = implode(", ", $to_recipients);
1115      }
1116      else
1117      {
1118          $to_recipients = $lang->nobody;
1119      }
1120  
1121      eval("\$pm['subject_extra'] = \"".$templates->get("private_read_to")."\";");
1122  
1123      add_breadcrumb($pm['subject']);
1124      $message = build_postbit($pm, 2);
1125  
1126      $plugins->run_hooks("private_read_end");
1127  
1128      eval("\$read = \"".$templates->get("private_read")."\";");
1129      output_page($read);
1130  }
1131  
if($mybb->input['action'] == "tracking")
{
    // Read-receipt tracking for messages the current user has sent: a paginated
    // list of messages whose receipt has come back (receipt='2', status!='0') and a
    // second list of messages still awaiting one (receipt='1', status='0').
    // Drafts (folder 3) are excluded from both.
    if(!$mybb->usergroup['cantrackpms'])
    {
        error_no_permission();
    }

    $plugins->run_hooks("private_tracking_start");
    $readmessages = '';
    $unreadmessages = '';

    // Figure out if we need to display multiple pages.
    // NOTE(review): a postsperpage value of 0 would divide by zero below — confirm the setting is validated elsewhere.
    $perpage = $mybb->settings['postsperpage'];

    $query = $db->simple_select("privatemessages", "COUNT(pmid) as readpms", "receipt='2' AND folder!='3'  AND status!='0' AND fromid='".$mybb->user['uid']."'");
    $postcount = $db->fetch_field($query, "readpms");

    // The read list is paged by read_page; the "last" shortcut, however, is taken
    // from the generic 'page' parameter (the unread list below does the same).
    $page = intval($mybb->input['read_page']);
    $pages = $postcount / $perpage;
    $pages = ceil($pages);

    if($mybb->input['page'] == "last")
    {
        $page = $pages;
    }

    // Out-of-range page numbers fall back to the first page
    if($page > $pages || $page <= 0)
    {
        $page = 1;
    }

    if($page)
    {
        $start = ($page-1) * $perpage;
    }
    else
    {
        $start = 0;
        $page = 1;
    }

    $read_multipage = multipage($postcount, $perpage, $page, "private.php?action=tracking&amp;read_page={page}");

    // Messages already read by their recipient, newest read first.
    // $start/$perpage are computed integers; fromid is the current user's id.
    $query = $db->query("
        SELECT pm.pmid, pm.subject, pm.toid, pm.readtime, u.username as tousername
        FROM ".TABLE_PREFIX."privatemessages pm
        LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.toid)
        WHERE pm.receipt='2' AND pm.folder!='3'  AND pm.status!='0' AND pm.fromid='".$mybb->user['uid']."'
        ORDER BY pm.readtime DESC
        LIMIT {$start}, {$perpage}
    ");
    while($readmessage = $db->fetch_array($query))
    {
        // Subject is badword-filtered and HTML-escaped before it reaches the template
        $readmessage['subject'] = htmlspecialchars_uni($parser->parse_badwords($readmessage['subject']));
        $readmessage['profilelink'] = build_profile_link($readmessage['tousername'], $readmessage['toid']);
        $readdate = my_date($mybb->settings['dateformat'], $readmessage['readtime']);
        $readtime = my_date($mybb->settings['timeformat'], $readmessage['readtime']);
        eval("\$readmessages .= \"".$templates->get("private_tracking_readmessage")."\";");
    }

    if(!$readmessages)
    {
        eval("\$readmessages = \"".$templates->get("private_tracking_nomessage")."\";");
    }

    // Second list: sent messages with a pending receipt that are still unread
    $query = $db->simple_select("privatemessages", "COUNT(pmid) as unreadpms", "receipt='1' AND folder!='3' AND status='0' AND fromid='".$mybb->user['uid']."'");
    $postcount = $db->fetch_field($query, "unreadpms");

    $page = intval($mybb->input['unread_page']);
    $pages = $postcount / $perpage;
    $pages = ceil($pages);

    if($mybb->input['page'] == "last")
    {
        $page = $pages;
    }

    if($page > $pages || $page <= 0)
    {
        $page = 1;
    }

    if($page)
    {
        $start = ($page-1) * $perpage;
    }
    else
    {
        $start = 0;
        $page = 1;
    }

    $unread_multipage = multipage($postcount, $perpage, $page, "private.php?action=tracking&amp;unread_page={page}");

    $query = $db->query("
        SELECT pm.pmid, pm.subject, pm.toid, pm.dateline, u.username as tousername
        FROM ".TABLE_PREFIX."privatemessages pm
        LEFT JOIN ".TABLE_PREFIX."users u ON (u.uid=pm.toid)
        WHERE pm.receipt='1' AND pm.folder!='3' AND pm.status='0' AND pm.fromid='".$mybb->user['uid']."'
        ORDER BY pm.dateline DESC
        LIMIT {$start}, {$perpage}
    ");
    while($unreadmessage = $db->fetch_array($query))
    {
        $unreadmessage['subject'] = htmlspecialchars_uni($parser->parse_badwords($unreadmessage['subject']));
        $unreadmessage['profilelink'] = build_profile_link($unreadmessage['tousername'], $unreadmessage['toid']);
        $senddate = my_date($mybb->settings['dateformat'], $unreadmessage['dateline']);
        $sendtime = my_date($mybb->settings['timeformat'], $unreadmessage['dateline']);
        eval("\$unreadmessages .= \"".$templates->get("private_tracking_unreadmessage")."\";");
    }

    if(!$unreadmessages)
    {
        // The same "no messages" template is reused for both lists; presumably it
        // references $lang->no_readmessages, which is swapped for the unread wording here.
        $lang->no_readmessages = $lang->no_unreadmessages;
        eval("\$unreadmessages = \"".$templates->get("private_tracking_nomessage")."\";");
    }

    $plugins->run_hooks("private_tracking_end");

    eval("\$tracking = \"".$templates->get("private_tracking")."\";");
    output_page($tracking);
}
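if($mybb->input['action'] == "do_tracking" && $mybb->request_method == "post")
{
    // Read-receipt tracking actions for the current user's sent messages: stop
    // tracking checked messages (clear their receipt flag) or cancel checked unread
    // messages (delete them before they are read). Every query is scoped to
    // fromid = current user, so submitted pmids cannot reach other users' rows.
    // Verify incoming POST request
    verify_post_check($mybb->input['my_post_key']);

    $plugins->run_hooks("private_do_tracking_start");

    if($mybb->input['stoptracking'] || $mybb->input['stoptrackingunread'])
    {
        // The read and unread lists submit their checkboxes under different
        // names; both perform the same update, so pick the list and share the loop.
        if($mybb->input['stoptracking'])
        {
            $checked = $mybb->input['readcheck'];
        }
        else
        {
            $checked = $mybb->input['unreadcheck'];
        }

        if(is_array($checked))
        {
            $sql_array = array(
                "receipt" => 0
            );
            foreach($checked as $key => $val)
            {
                $db->update_query("privatemessages", $sql_array, "pmid=".intval($key)." AND fromid=".$mybb->user['uid']);
            }
        }
        $plugins->run_hooks("private_do_tracking_end");
        redirect("private.php?action=tracking", $lang->redirect_pmstrackingstopped);
    }
    elseif($mybb->input['cancel'])
    {
        if(is_array($mybb->input['unreadcheck']))
        {
            // Cast every submitted id before it is joined into the IN() list
            $pmids = array();
            foreach($mybb->input['unreadcheck'] as $pmid => $val)
            {
                $pmids[$pmid] = intval($pmid);
            }

            // An empty selection would otherwise yield an invalid "pmid IN ()" clause
            // and an undefined $pmuids in the loop below.
            if(!empty($pmids))
            {
                $pmids = implode(",", $pmids);

                // Recipients of the cancelled messages need their PM counts refreshed
                $pmuids = array();
                $query = $db->simple_select("privatemessages", "uid", "pmid IN ($pmids) AND fromid='".$mybb->user['uid']."'");
                while($pm = $db->fetch_array($query))
                {
                    $pmuids[$pm['uid']] = $pm['uid'];
                }

                // Only messages that are still unread with a pending receipt are removed
                $db->delete_query("privatemessages", "pmid IN ($pmids) AND receipt='1' AND status='0' AND fromid='".$mybb->user['uid']."'");
                foreach($pmuids as $uid)
                {
                    // Message is canceled, update PM count for this user
                    update_pm_count($uid);
                }
            }
        }
        $plugins->run_hooks("private_do_tracking_end");
        redirect("private.php?action=tracking", $lang->redirect_pmstrackingcanceled);
    }
}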
1318  
if($mybb->input['action'] == "folders")
{
    // Folder management form: lists the user's existing folders (ids 1-4 are the
    // built-in ones and use the unremovable template) plus five blank rows for
    // creating new folders.
    $plugins->run_hooks("private_folders_start");

    $folderlist = '';
    // pmfolders is stored as "fid**name" entries separated by "$%%$"
    $foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
    foreach($foldersexploded as $key => $folders)
    {
        $folderinfo = explode("**", $folders, 2);
        $foldername = $folderinfo[1];
        $fid = $folderinfo[0];
        // Resolves the display name (built-in folders get a language string)
        $foldername = get_pm_folder_name($fid, $foldername);

        if($folderinfo[0] == "1" || $folderinfo[0] == "2" || $folderinfo[0] == "3" || $folderinfo[0] == "4")
        {
            // Presumably the default name of the built-in folder, shown alongside the custom one
            $foldername2 = get_pm_folder_name($fid);
            eval("\$folderlist .= \"".$templates->get("private_folders_folder_unremovable")."\";");
            // NOTE(review): $name is never assigned in this loop; looks like a leftover
            unset($name);
        }
        else
        {
            eval("\$folderlist .= \"".$templates->get("private_folders_folder")."\";");
        }
    }

    // Blank rows; do_folders recognises the "new" prefix and assigns real ids
    $newfolders = '';
    for($i = 1; $i <= 5; ++$i)
    {
        $fid = "new$i";
        $foldername = '';
        eval("\$newfolders .= \"".$templates->get("private_folders_folder")."\";");
    }

    $plugins->run_hooks("private_folders_end");

    eval("\$folders = \"".$templates->get("private_folders")."\";");
    output_page($folders);
}
1357  
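if($mybb->input['action'] == "do_folders" && $mybb->request_method == "post")
{
    // Save the folder list submitted from action=folders: renames or creates
    // folders, and deletes the messages of any existing custom folder whose name
    // was cleared. The result replaces the user's stored pmfolders string.
    // Verify incoming POST request
    verify_post_check($mybb->input['my_post_key']);

    $plugins->run_hooks("private_do_folders_start");

    // The submitted list replaces the stored one wholesale, so a request without
    // a folder array must not be allowed to save an empty list.
    if(!is_array($mybb->input['folder']))
    {
        error($lang->error_invalidpmfoldername);
    }

    $highestid = 2;
    $folders = '';
    $donefolders = array();
    foreach($mybb->input['folder'] as $key => $val)
    {
        if(empty($donefolders[$val])) // Probably was a check for duplicate folder names, but doesn't seem to be used now
        {
            if(my_substr($key, 0, 3) == "new") // Create a new folder
            {
                // New folders are numbered after the highest existing id seen so far
                ++$highestid;
                $fid = intval($highestid);
            }
            else // Editing an existing folder
            {
                // Cast the submitted key before it is compared or interpolated into SQL
                $fid = intval($key);
                if($fid > $highestid)
                {
                    $highestid = $fid;
                }

                // Use default language strings if empty or value is language string
                switch($fid)
                {
                    case 1:
                        if($val == $lang->folder_inbox || trim($val) == '')
                        {
                            $val = '';
                        }
                        break;
                    case 2:
                        if($val == $lang->folder_sent_items || trim($val) == '')
                        {
                            $val = '';
                        }
                        break;
                    case 3:
                        if($val == $lang->folder_drafts || trim($val) == '')
                        {
                            $val = '';
                        }
                        break;
                    case 4:
                        if($val == $lang->folder_trash || trim($val) == '')
                        {
                            $val = '';
                        }
                        break;
                }
            }

            if($val != '' && trim($val) == '' && !($key >= 1 && $key <= 4))
            {
                // If the name only contains whitespace and it's not a default folder, print an error
                error($lang->error_emptypmfoldername);
            }

            if($val != '' || ($key >= 1 && $key <= 4))
            {
                // If there is a name or if this is a default folder, save it.
                // The name is HTML-escaped and DB-escaped for storage; a name containing
                // the record separator is rejected so the stored list cannot be corrupted.
                $foldername = $db->escape_string(htmlspecialchars_uni($val));

                if(my_strpos($foldername, "$%%$") === false)
                {
                    if($folders != '')
                    {
                        $folders .= "$%%$";
                    }
                    $folders .= "$fid**$foldername";
                }
                else
                {
                    error($lang->error_invalidpmfoldername);
                }
            }
            else
            {
                // Delete PMs from the folder (custom folder cleared by the user)
                $db->delete_query("privatemessages", "folder='$fid' AND uid='".$mybb->user['uid']."'");
            }
        }
    }

    $sql_array = array(
        "pmfolders" => $folders
    );
    $db->update_query("users", $sql_array, "uid='".$mybb->user['uid']."'");

    // Update PM count
    update_pm_count();

    $plugins->run_hooks("private_do_folders_end");

    redirect("private.php", $lang->redirect_pmfoldersupdated);
}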
1460  
if($mybb->input['action'] == "empty")
{
    // "Empty folders" form: one row per folder showing how many of the current
    // user's messages it holds.
    $plugins->run_hooks("private_empty_start");

    // pmfolders is stored as "fid**name" entries separated by "$%%$"
    $foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
    $folderlist = '';
    foreach($foldersexploded as $key => $folders)
    {
        $folderinfo = explode("**", $folders, 2);
        $fid = $folderinfo[0];
        $foldername = get_pm_folder_name($fid, $folderinfo[1]);
        // $fid comes from the user's stored folder string, not from request input;
        // it is interpolated unescaped, relying on do_folders having stored an integer id.
        $query = $db->simple_select("privatemessages", "COUNT(*) AS pmsinfolder", " folder='$fid' AND uid='".$mybb->user['uid']."'");
        $thing = $db->fetch_array($query);
        $foldercount = my_number_format($thing['pmsinfolder']);
        eval("\$folderlist .= \"".$templates->get("private_empty_folder")."\";");
    }

    $plugins->run_hooks("private_empty_end");

    eval("\$folders = \"".$templates->get("private_empty")."\";");
    output_page($folders);
}
1483  
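if($mybb->input['action'] == "do_empty" && $mybb->request_method == "post")
{
    // Empty the checked folders for the current user; with keepunread set, unread
    // messages (status='0') are left in place.
    // Verify incoming POST request
    verify_post_check($mybb->input['my_post_key']);

    $plugins->run_hooks("private_do_empty_start");

    if(is_array($mybb->input['empty']))
    {
        // Collect the checked folder ids; each is cast before it reaches the query
        $conditions = array();
        foreach($mybb->input['empty'] as $key => $val)
        {
            if($val == 1)
            {
                $conditions[] = "folder='".intval($key)."'";
            }
        }

        if(!empty($conditions))
        {
            // Initialised unconditionally; previously it was only set when keepunread
            // was on and was otherwise interpolated undefined.
            $keepunreadq = '';
            if($mybb->input['keepunread'] == 1)
            {
                $keepunreadq = " AND status!='0'";
            }
            $emptyq = implode(" OR ", $conditions);
            // The uid clause limits the delete to the current user's own messages
            $db->delete_query("privatemessages", "($emptyq) AND uid='".$mybb->user['uid']."' $keepunreadq");
        }
    }

    // Update PM count
    update_pm_count();

    $plugins->run_hooks("private_do_empty_end");
    redirect("private.php", $lang->redirect_pmfoldersemptied);
}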
1523  
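if($mybb->input['action'] == "do_stuff" && $mybb->request_method == "post")
{
    // Bulk actions from the message list: jump to a folder, move the checked
    // messages, or delete them. Every write is scoped to uid = current user, so a
    // forged pmid cannot touch another user's mailbox.
    // Verify incoming POST request
    verify_post_check($mybb->input['my_post_key']);

    $plugins->run_hooks("private_do_stuff");

    if($mybb->input['hop'])
    {
        // Stop after sending the Location header so nothing further is output
        // (same pattern as the draft redirect in action=read).
        header("Location: private.php?fid=".intval($mybb->input['jumpto']));
        exit;
    }
    elseif($mybb->input['moveto'])
    {
        if(is_array($mybb->input['check']))
        {
            // Target folder id is cast but not checked against the user's folder list
            $sql_array = array(
                "folder" => intval($mybb->input['fid'])
            );
            foreach($mybb->input['check'] as $key => $val)
            {
                $db->update_query("privatemessages", $sql_array, "pmid='".intval($key)."' AND uid='".$mybb->user['uid']."'");
            }
        }
        // Update PM count
        update_pm_count();

        if(!empty($mybb->input['fromfid']))
        {
            redirect("private.php?fid=".intval($mybb->input['fromfid']), $lang->redirect_pmsmoved);
        }
        else
        {
            redirect("private.php", $lang->redirect_pmsmoved);
        }
    }
    else if($mybb->input['delete'])
    {
        if(is_array($mybb->input['check']))
        {
            // Build the quoted id list; every id is cast to int first
            $pmids = array();
            foreach($mybb->input['check'] as $key => $val)
            {
                $pmids[] = "'".intval($key)."'";
            }
            $pmssql = implode(",", $pmids);

            // Messages already in the trash (folder 4) are deleted permanently; the
            // rest are moved to the trash with a deletion timestamp. An empty
            // selection skips the lookup rather than issuing "pmid IN ()".
            $deletepms = array();
            if($pmssql != '')
            {
                $query = $db->simple_select("privatemessages", "pmid, folder", "pmid IN ($pmssql) AND uid='".$mybb->user['uid']."' AND folder='4'", array('order_by' => 'pmid'));
                while($delpm = $db->fetch_array($query))
                {
                    $deletepms[$delpm['pmid']] = 1;
                }
            }

            foreach($mybb->input['check'] as $key => $val)
            {
                $key = intval($key);
                if(!empty($deletepms[$key]))
                {
                    $db->delete_query("privatemessages", "pmid='$key' AND uid='".$mybb->user['uid']."'");
                }
                else
                {
                    $sql_array = array(
                        "folder" => 4,
                        "deletetime" => TIME_NOW
                    );
                    $db->update_query("privatemessages", $sql_array, "pmid='".$key."' AND uid='".$mybb->user['uid']."'");
                }
            }
        }
        // Update PM count
        update_pm_count();

        if(!empty($mybb->input['fromfid']))
        {
            redirect("private.php?fid=".intval($mybb->input['fromfid']), $lang->redirect_pmsdeleted);
        }
        else
        {
            redirect("private.php", $lang->redirect_pmsdeleted);
        }
    }
}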
1610  
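if($mybb->input['action'] == "delete")
{
    // Delete a single message: permanently if it is already in the trash
    // (folder 4), otherwise move it to the trash. Unlike the other write actions
    // this one is not gated on request_method, but the post key is still verified.
    // Verify incoming POST request
    verify_post_check($mybb->input['my_post_key']);

    $plugins->run_hooks("private_delete_start");

    $pmid = intval($mybb->input['pmid']);

    // Only the pmid is needed to decide the branch; ownership (uid) is checked here
    $query = $db->simple_select("privatemessages", "pmid", "pmid='{$pmid}' AND uid='".$mybb->user['uid']."' AND folder='4'");
    if($db->num_rows($query) == 1)
    {
        // Keep the uid clause on the delete as well, so the row removed is always
        // the one whose ownership was just checked (matches the bulk delete path).
        $db->delete_query("privatemessages", "pmid='{$pmid}' AND uid='".$mybb->user['uid']."'");
    }
    else
    {
        $sql_array = array(
            "folder" => 4,
            "deletetime" => TIME_NOW
        );
        $db->update_query("privatemessages", $sql_array, "pmid='{$pmid}' AND uid='".$mybb->user['uid']."'");
    }

    // Update PM count
    update_pm_count();

    $plugins->run_hooks("private_delete_end");
    redirect("private.php", $lang->redirect_pmsdeleted);
}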
1638  
if($mybb->input['action'] == "export")
{
    $plugins->run_hooks("private_export_start");

    // Multi-select of the user's PM folders for the archive form; "all" is preselected.
    // Folder ids and names are taken from the user's own pmfolders list.
    $options = array("<option value=\"all\" selected=\"selected\">$lang->all_folders</option>");
    $foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
    foreach($foldersexploded as $folder_entry)
    {
        $folder_parts = explode("**", $folder_entry, 2);
        $folder_parts[1] = get_pm_folder_name($folder_parts[0], $folder_parts[1]);
        $options[] = "<option value=\"$folder_parts[0]\">$folder_parts[1]</option>\n";
    }
    $folderlist = "<select name=\"exportfolders[]\" multiple=\"multiple\">\n".implode("", $options)."</select>\n";

    $plugins->run_hooks("private_export_end");

    eval("\$archive = \"".$templates->get("private_archive")."\";");

    output_page($archive);
}
1660  
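if($mybb->input['action'] == "do_export" && $mybb->request_method == "post")
{
    // Verify incoming POST request
    verify_post_check($mybb->input['my_post_key']);

    $plugins->run_hooks("private_do_export_start");

    // Settle the export format once. It selects template names and the output handling
    // throughout this action, so anything but html/csv becomes txt here. (The original
    // only attempted this in the folder-head branch, and wrote "==" instead of "=", so
    // the raw request value was used for every template lookup.)
    $exporttype = $mybb->input['exporttype'];
    if($exporttype != "html" && $exporttype != "csv")
    {
        $exporttype = "txt";
    }
    $mybb->input['exporttype'] = $exporttype;

    $lang->private_messages_for = $lang->sprintf($lang->private_messages_for, $mybb->user['username']);
    $exdate = my_date($mybb->settings['dateformat'], TIME_NOW, 0, 0);
    $extime = my_date($mybb->settings['timeformat'], TIME_NOW, 0, 0);
    $lang->exported_date = $lang->sprintf($lang->exported_date, $exdate, $extime);

    // Resolve folder ids to display names; the list is consulted again per message below
    $foldersexploded = explode("$%%$", $mybb->user['pmfolders']);
    foreach($foldersexploded as $key => $folders)
    {
        $folderinfo = explode("**", $folders, 2);
        $folderinfo[1] = get_pm_folder_name($folderinfo[0], $folderinfo[1]);
        $foldersexploded[$key] = implode("**", $folderinfo);
    }

    // Build the WHERE clause: either a single message by id, or a folder/date/status selection
    if($mybb->input['pmid'])
    {
        $wsql = "pmid='".intval($mybb->input['pmid'])."' AND uid='".$mybb->user['uid']."'";
    }
    else
    {
        // Optional age filter. daycut is cast so only an integer reaches the query.
        $daycut = intval($mybb->input['daycut']);
        if($daycut && ($mybb->input['dayway'] != "disregard"))
        {
            $datecut = TIME_NOW-($daycut * 86400);
            $operator = ($mybb->input['dayway'] == "older") ? "<=" : ">=";
            $wsql = "pm.dateline".$operator."'$datecut'";
        }
        else
        {
            $wsql = "1=1";
        }

        if(is_array($mybb->input['exportfolders']))
        {
            $folderlst = '';
            foreach($mybb->input['exportfolders'] as $val)
            {
                $val = $db->escape_string($val);
                if($val == "all")
                {
                    // "all" overrides any individual folder selection
                    $folderlst = '';
                    break;
                }

                if(!$folderlst)
                {
                    $folderlst = " AND pm.folder IN ('$val'";
                }
                else
                {
                    $folderlst .= ",'$val'";
                }
            }
            if($folderlst)
            {
                $folderlst .= ")";
            }
            $wsql .= $folderlst;
        }
        else
        {
            error($lang->error_pmnoarchivefolders);
        }

        if($mybb->input['exportunread'] != 1)
        {
            $wsql .= " AND pm.status!='0'";
        }
    }
    $query = $db->query("
        SELECT pm.*, fu.username AS fromusername, tu.username AS tousername
        FROM ".TABLE_PREFIX."privatemessages pm
        LEFT JOIN ".TABLE_PREFIX."users fu ON (fu.uid=pm.fromid)
        LEFT JOIN ".TABLE_PREFIX."users tu ON (tu.uid=pm.toid)
        WHERE $wsql AND pm.uid='".$mybb->user['uid']."'
        ORDER BY pm.folder ASC, pm.dateline DESC
    ");
    $numpms = $db->num_rows($query);
    if(!$numpms)
    {
        error($lang->error_nopmsarchive);
    }

    $pmsdownload = '';
    $ids = '';
    $donefolder = array();
    while($message = $db->fetch_array($query))
    {
        if($message['folder'] == 2 || $message['folder'] == 3)
        { // Sent Items or Drafts Folder Check
            if($message['toid'])
            {
                $tofromuid = $message['toid'];
                if($exporttype == "txt")
                {
                    $tofromusername = $message['tousername'];
                }
                else
                {
                    $tofromusername = build_profile_link($message['tousername'], $tofromuid);
                }
            }
            else
            {
                $tofromusername = $lang->not_sent;
            }
            $tofrom = $lang->to;
        }
        else
        {
            $tofromuid = $message['fromid'];
            if($exporttype == "txt")
            {
                $tofromusername = $message['fromusername'];
            }
            else
            {
                $tofromusername = build_profile_link($message['fromusername'], $tofromuid);
            }

            if($tofromuid == 0)
            {
                $tofromusername = $lang->mybb_engine;
            }
            $tofrom = $lang->from;
        }

        if($tofromuid == 0)
        {
            $message['fromusername'] = $lang->mybb_engine;
        }

        if(!$message['toid'] && $message['folder'] == 3)
        {
            $message['tousername'] = $lang->not_sent;
        }

        $message['subject'] = $parser->parse_badwords($message['subject']);
        if($message['folder'] != "3")
        {
            $senddate = my_date($mybb->settings['dateformat'], $message['dateline']);
            $sendtime = my_date($mybb->settings['timeformat'], $message['dateline']);
            $senddate .= " $lang->at $sendtime";
        }
        else
        {
            $senddate = $lang->not_sent;
        }

        if($exporttype == "html")
        {
            // Only the HTML export runs the body through the parser and escapes the subject
            $parser_options = array(
                "allow_html" => $mybb->settings['pmsallowhtml'],
                "allow_mycode" => $mybb->settings['pmsallowmycode'],
                "allow_smilies" => 0,
                "allow_imgcode" => $mybb->settings['pmsallowimgcode'],
                "allow_videocode" => $mybb->settings['pmsallowvideocode'],
                "me_username" => $mybb->user['username'],
                "filter_badwords" => 1
            );

            $message['message'] = $parser->parse_message($message['message'], $parser_options);
            $message['subject'] = htmlspecialchars_uni($message['subject']);
        }

        if($exporttype == "txt" || $exporttype == "csv")
        {
            // Normalise line endings to CRLF for the plain-text formats
            $message['message'] = str_replace("\r\n", "\n", $message['message']);
            $message['message'] = str_replace("\n", "\r\n", $message['message']);
        }

        if($exporttype == "csv")
        {
            $message['message'] = addslashes($message['message']);
            $message['subject'] = addslashes($message['subject']);
            $message['tousername'] = addslashes($message['tousername']);
            $message['fromusername'] = addslashes($message['fromusername']);
        }

        // Emit a folder heading the first time a message from that folder is seen
        if(empty($donefolder[$message['folder']]))
        {
            foreach($foldersexploded as $val)
            {
                $folderinfo = explode("**", $val, 2);
                if($folderinfo[0] == $message['folder'])
                {
                    $foldername = $folderinfo[1];
                    if($exporttype != "csv")
                    {
                        eval("\$pmsdownload .= \"".$templates->get("private_archive_".$exporttype."_folderhead", 1, 0)."\";");
                    }
                    else
                    {
                        $foldername = addslashes($folderinfo[1]);
                    }
                    $donefolder[$message['folder']] = 1;
                }
            }
        }

        eval("\$pmsdownload .= \"".$templates->get("private_archive_".$exporttype."_message", 1, 0)."\";");
        $ids .= ",'{$message['pmid']}'";
    }

    if($exporttype == "html")
    {
        // Gather global stylesheet for HTML
        $query = $db->simple_select("themestylesheets", "stylesheet", "sid = '1'", array('limit' => 1));
        $css = $db->fetch_field($query, "stylesheet");
    }

    $plugins->run_hooks("private_do_export_end");

    eval("\$archived = \"".$templates->get("private_archive_".$exporttype, 1, 0)."\";");
    if($mybb->input['deletepms'] == 1)
    { // delete the archived pms
        // $ids was collected from this user's rows only; the uid is repeated as a safeguard
        $db->delete_query("privatemessages", "pmid IN ('0'$ids) AND uid='".$mybb->user['uid']."'");
        // Update PM count
        update_pm_count();
    }

    if($exporttype == "html")
    {
        $filename = "pm-archive.html";
        $contenttype = "text/html";
    }
    elseif($exporttype == "csv")
    {
        $filename = "pm-archive.csv";
        $contenttype = "application/octet-stream";
    }
    else
    {
        $filename = "pm-archive.txt";
        $contenttype = "text/plain";
    }

    // Post-process escaped single quotes in the rendered archive (kept from the original)
    $archived = str_replace("\\\'","'",$archived);
    header("Content-disposition: filename=$filename");
    header("Content-type: ".$contenttype);

    if($exporttype == "html")
    {
        output_page($archived);
    }
    else
    {
        echo $archived;
    }
}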
1930  
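if(!$mybb->input['action'])
{
    $plugins->run_hooks("private_start");

    // Fall back to the Inbox (folder 1) when no valid folder id was supplied.
    // The id is cast before it is interpolated into the queries below; only a value
    // that is a key of $foldernames (set up earlier in this script) is accepted.
    $folder = intval($mybb->input['fid']);
    if(!$folder || !array_key_exists($folder, $foldernames))
    {
        $folder = 1;
    }
    $mybb->input['fid'] = $folder;
    $foldername = $foldernames[$folder];

    $lang->pms_in_folder = $lang->sprintf($lang->pms_in_folder, $foldername);
    if($folder == 2 || $folder == 3)
    { // Sent Items Folder
        $sender = $lang->sentto;
    }
    else
    {
        $sender = $lang->sender;
    }

    // Do Multi Pages
    $query = $db->simple_select("privatemessages", "COUNT(*) AS total", "uid='".$mybb->user['uid']."' AND folder='$folder'");
    $pmscount = $db->fetch_array($query);

    if(!$mybb->settings['threadsperpage'])
    {
        $mybb->settings['threadsperpage'] = 20;
    }

    $perpage = intval($mybb->settings['threadsperpage']);
    $page = intval($mybb->input['page']);

    if($page > 0)
    {
        $start = ($page-1) * $perpage;
    }
    else
    {
        $start = 0;
        $page = 1;
    }

    $end = $start + $perpage;
    $lower = $start+1;
    $upper = $end;

    // Clamp the displayed upper bound to the folder's message count
    // (the original compared against $threadcount, which this action never sets)
    if($upper > $pmscount['total'])
    {
        $upper = $pmscount['total'];
    }
    $multipage = multipage($pmscount['total'], $perpage, $page, "private.php?fid=$folder");
    $messagelist = '';

    $icon_cache = $cache->read("posticons");

    // Cache users in multiple recipients for sent & drafts folder
    if($folder == 2 || $folder == 3)
    {
        // Get all recipients into an array
        $cached_users = $get_users = array();
        $users_query = $db->simple_select("privatemessages", "recipients", "folder='$folder' AND uid='{$mybb->user['uid']}'", array('limit_start' => $start, 'limit' => $perpage, 'order_by' => 'dateline', 'order_dir' => 'DESC'));
        while($row = $db->fetch_array($users_query))
        {
            // recipients is a serialised array written by this application when the PM was composed;
            // a row that does not unserialise to an array is simply skipped
            $recipients = unserialize($row['recipients']);
            if(!is_array($recipients))
            {
                continue;
            }

            if(isset($recipients['to']) && is_array($recipients['to']) && count($recipients['to']))
            {
                $get_users = array_merge($get_users, $recipients['to']);
            }

            if(isset($recipients['bcc']) && is_array($recipients['bcc']) && count($recipients['bcc']))
            {
                $get_users = array_merge($get_users, $recipients['bcc']);
            }
        }

        // Cast every id before it is interpolated into the IN () list
        $get_users = implode(',', array_map('intval', array_unique($get_users)));

        // Grab info
        if($get_users)
        {
            $users_query = $db->simple_select("users", "uid, username, usergroup, displaygroup", "uid IN ({$get_users})");
            while($user = $db->fetch_array($users_query))
            {
                $cached_users[$user['uid']] = $user;
            }
        }
    }

    $query = $db->query("
        SELECT pm.*, fu.username AS fromusername, tu.username as tousername
        FROM ".TABLE_PREFIX."privatemessages pm
        LEFT JOIN ".TABLE_PREFIX."users fu ON (fu.uid=pm.fromid)
        LEFT JOIN ".TABLE_PREFIX."users tu ON (tu.uid=pm.toid)
        WHERE pm.folder='$folder' AND pm.uid='".$mybb->user['uid']."'
        ORDER BY pm.dateline DESC
        LIMIT $start, $perpage
    ");

    if($db->num_rows($query) > 0)
    {
        while($message = $db->fetch_array($query))
        {
            // Reset per-message state so nothing leaks from the previous row; in
            // particular $tofromuid, which the multi-recipient branch below never sets
            // and which build_profile_link() would otherwise receive from an earlier message
            $msgalt = $msgsuffix = $msgprefix = '';
            $tofromuid = 0;
            // Determine Folder Icon
            if($message['status'] == 0)
            {
                $msgfolder = 'new_pm.gif';
                $msgalt = $lang->new_pm;
                $msgprefix = "<strong>";
                $msgsuffix = "</strong>";
            }
            elseif($message['status'] == 1)
            {
                $msgfolder = 'old_pm.gif';
                $msgalt = $lang->old_pm;
            }
            elseif($message['status'] == 3)
            {
                $msgfolder = 're_pm.gif';
                $msgalt = $lang->reply_pm;
            }
            elseif($message['status'] == 4)
            {
                $msgfolder = 'fw_pm.gif';
                $msgalt = $lang->fwd_pm;
            }

            if($folder == 2 || $folder == 3)
            { // Sent Items or Drafts Folder Check
                // recipients is application-written serialised data (see the caching loop above)
                $recipients = unserialize($message['recipients']);
                $to_list = (is_array($recipients) && isset($recipients['to']) && is_array($recipients['to'])) ? $recipients['to'] : array();
                $bcc_list = (is_array($recipients) && isset($recipients['bcc']) && is_array($recipients['bcc'])) ? $recipients['bcc'] : array();
                $to_users = $bcc_users = '';
                if(count($to_list) > 1 || (count($to_list) == 1 && count($bcc_list) > 0))
                {
                    foreach($to_list as $uid)
                    {
                        $profilelink = get_profile_link($uid);
                        $user = isset($cached_users[$uid]) ? $cached_users[$uid] : array();
                        if(empty($user['username']))
                        {
                            $username = $lang->na;
                        }
                        else
                        {
                            $username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
                        }
                        eval("\$to_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
                    }
                    if(count($bcc_list))
                    {
                        eval("\$bcc_users = \"".$templates->get("private_multiple_recipients_bcc")."\";");
                        foreach($bcc_list as $uid)
                        {
                            $profilelink = get_profile_link($uid);
                            $user = isset($cached_users[$uid]) ? $cached_users[$uid] : array();
                            if(empty($user['username']))
                            {
                                $username = $lang->na;
                            }
                            else
                            {
                                $username = format_name($user['username'], $user['usergroup'], $user['displaygroup']);
                            }
                            eval("\$bcc_users .= \"".$templates->get("private_multiple_recipients_user")."\";");
                        }
                    }

                    // $tofromuid stays 0 here; the list already carries its own per-user links
                    eval("\$tofromusername = \"".$templates->get("private_multiple_recipients")."\";");
                }
                else if($message['toid'])
                {
                    $tofromusername = $message['tousername'];
                    $tofromuid = $message['toid'];
                }
                else
                {
                    $tofromusername = $lang->not_sent;
                }
            }
            else
            {
                $tofromusername = $message['fromusername'];
                $tofromuid = $message['fromid'];
                if($tofromuid == 0)
                {
                    $tofromusername = $lang->mybb_engine;
                }

                if(!$tofromusername)
                {
                    $tofromuid = 0;
                    $tofromusername = $lang->na;
                }
            }

            $tofromusername = build_profile_link($tofromusername, $tofromuid);

            if($mybb->usergroup['candenypmreceipts'] == 1 && $message['receipt'] == '1' && $message['folder'] != '3' && $message['folder'] != 2)
            {
                eval("\$denyreceipt = \"".$templates->get("private_messagebit_denyreceipt")."\";");
            }
            else
            {
                $denyreceipt = '';
            }

            if($message['icon'] > 0 && $icon_cache[$message['icon']])
            {
                $icon = $icon_cache[$message['icon']];
                $icon = "<img src=\"{$icon['path']}\" alt=\"{$icon['name']}\" align=\"center\" valign=\"middle\" />";
            }
            else
            {
                $icon = '&#009;';
            }

            if(!trim($message['subject']))
            {
                $message['subject'] = $lang->pm_no_subject;
            }

            $message['subject'] = htmlspecialchars_uni($parser->parse_badwords($message['subject']));
            if($message['folder'] != "3")
            {
                $sendpmdate = my_date($mybb->settings['dateformat'], $message['dateline']);
                $sendpmtime = my_date($mybb->settings['timeformat'], $message['dateline']);
                $senddate = $sendpmdate.", ".$sendpmtime;
            }
            else
            {
                $senddate = $lang->not_sent;
            }
            eval("\$messagelist .= \"".$templates->get("private_messagebit")."\";");
        }
    }
    else
    {
        eval("\$messagelist .= \"".$templates->get("private_nomessages")."\";");
    }

    // PM quota bar: percentage of the group's quota used by all of this user's messages
    if($mybb->usergroup['pmquota'] != '0' && $mybb->usergroup['cancp'] != 1)
    {
        $query = $db->simple_select("privatemessages", "COUNT(*) AS total", "uid='".$mybb->user['uid']."'");
        $pmscount = $db->fetch_array($query);
        if($pmscount['total'] == 0)
        {
            $spaceused = 0;
        }
        else
        {
            $spaceused = $pmscount['total'] / $mybb->usergroup['pmquota'] * 100;
        }
        $spaceused2 = 100 - $spaceused;
        // Only one of the two labels is filled in; the template picks by half
        $belowhalf = $overhalf = '';
        if($spaceused <= 50)
        {
            $belowhalf = round($spaceused, 0)."%";
            if(intval($belowhalf) > 100)
            {
                $belowhalf = "100%";
            }
        }
        else
        {
            $overhalf = round($spaceused, 0)."%";
            if(intval($overhalf) > 100)
            {
                $overhalf = "100%";
            }
        }

        eval("\$pmspacebar = \"".$templates->get("private_pmspace")."\";");
    }

    if($mybb->usergroup['pmquota'] != "0" && $pmscount['total'] >= $mybb->usergroup['pmquota'] && $mybb->usergroup['cancp'] != 1)
    {
        eval("\$limitwarning = \"".$templates->get("private_limitwarning")."\";");
    }

    $plugins->run_hooks("private_end");

    eval("\$folder = \"".$templates->get("private")."\";");
    output_page($folder);
}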
2209  ?>
